| The end of password pain: building frictionless authentication at the Guardian (theguardian.engineering) |
| 10 points by Tomte 21 hours ago | 3 comments |
| |
|
| bob1029 20 hours ago |
| I've been enjoying modern machine-to-machine flows. Trading trusted URLs for client IDs is a really secure model. Especially if you go the extra mile with role-based machine auth to cloud key stores. You can do the entire thing without a single secret string. I'd much rather prove I can control a URL than ensure a piece of information never leaks out. |
| |
| mooreds 17 hours ago |
| Are you talking about CIMD? |
| bob1029 15 hours ago |
| Not specifically but it's the same idea. CIMD is perhaps one step too far for the cases I've worked with. We seem to prefer an out-of-band process for establishing trust. Two CTOs exchanging FQDNs at lunch is a fairly robust model. |
|
|